Intrusion detection devices are an integral part of any network. The Internet is constantly evolving, and new vulnerabilities and exploits are found regularly. Intrusion detection devices provide an additional level of protection by detecting the presence of an intruder, and they help to provide accountability for the attacker's actions.
The Snort network intrusion detection tool performs real-time traffic analysis, watching for anomalous events that may indicate an intrusion attempt. It generates an alert based on the contents of the network traffic, at either the IP or application level. Snort is easily configured, utilizes familiar methods for rule development, and takes only a few minutes to install. Snort currently includes the ability to detect more than 1100 potential vulnerabilities. It is quite feature-packed out of the box:
• Detects and alerts based on pattern matching for threats including buffer overflows, stealth port scans, CGI attacks, SMB probes and NetBIOS queries, Nmap and other port scanners, well-known backdoors and system vulnerabilities, DDoS clients, and many more;
• Can be used on an existing workstation to monitor a home DSL connection, or on a dedicated server to monitor a corporate web site.
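
To make the "IP or application level" distinction concrete, here are two local rules written for this page as an added example (they are not taken from the Snort distribution). They use Snort 2.x-style rule syntax and assume that `$EXTERNAL_NET` and `$HOME_NET` are defined in `snort.conf`; the CGI path, messages and `sid` values are constructed placeholders.

```snort
# Header-level detection: no payload inspection at all.
# flags:SF matches TCP segments with exactly SYN and FIN set, a combination
# that does not occur in a normal handshake and is typical of stealth scans.
alert tcp $EXTERNAL_NET any -> $HOME_NET any \
    (msg:"LOCAL stealth scan, SYN+FIN set"; flags:SF; \
     sid:1000001; rev:1;)

# Application-level detection: pattern match inside the TCP payload.
# content looks for the request path of a (hypothetical) CGI script on port 80;
# nocase makes the match case-insensitive so /CGI-BIN/... is also caught.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 \
    (msg:"LOCAL request for example CGI script"; \
     content:"/cgi-bin/example.cgi"; nocase; \
     sid:1000002; rev:1;)
```

Each rule has a header (action, protocol, source and destination address and port) that selects the traffic, followed by options in parentheses that decide whether an alert fires. `sid` values of 1000000 and above are the range reserved for locally written rules.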